Sponsoring:

From: Darren Breidigan
------------------------------------------------------
Is there a preference or best practice for firewall placement for a SOHO?
modem->firewall->router->server
or
modem->router->firewall->server
Does it matter whether there is a router/firewall or a embedded
[Rasp/Pi] setup?
Just an experiment for a local shop that still does almost everything by
hand.
Darren

===============================================================
From: Aaron welch
------------------------------------------------------
Most scenarios have the router and firewall as the same device.
-AW

===============================================================
From: Christopher Rimondi
------------------------------------------------------
If you will rely on this firewall to view logs then place it somewhere it
can see the internal IP addresses, i.e. that it just won't see a NAT'd IP.

===============================================================
From: Dave Brockman
------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Come again, slowly this time? Where would you put your firewall where
it would not see internal IP addresses in a SOHO environment? Since
SOHO firewall or router really both mean NAT device?
It really depends on your topology and what you want to accomplish.
If you have Cable Internet, then you will have a router (SMC gateway)
and then a firewall. If you are on EPB, you can WAN straight into
your firewall. I prefer a proper border router in front of my
firewall, but that requires someone asking EPB for a routed circuit
for their statics.
No such option with Comcast, you just get to deal with their bridge,
you don't have a single choke point if you have more than 1 static.
Regards,
dtb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEbBAEBAgAGBQJSKMbMAAoJEMP+wtEOVbcdHuIH93qh2gfU0ghNmvRZHgRi7g53
ybj5kd5R20s/83no5F7VW17Rv++fsVurZ2fv4vo9Dx/Vn04xPFCbx/N/sRdQ0lfz
04DNm1Rbd8jWndTUd4UcFWCaPZWPlVKr8UTUpzZZZg11hEVJx1wzefAcIB+s7Vfh
sJtyloBGd3H8gOLgZushweFmo3gkjAjXgtdikdWwSNvDmk0qX/QEUPrnlN7nA2Yt
ZswwWomhymy3ky3+cjInCY9i1+aVPl6amD4VryrJ5iSxX1LNKWBIvgQt3rP+4ngo
ASU+nFhCEnf2oRenl4X6rg3cx0Gso1l7DSRGsIsgcznv+FNS4MOlS0CHcA18sg==
=jbjp
-----END PGP SIGNATURE-----

===============================================================
From: Ed King
------------------------------------------------------
I prefer my firewall between the passengers and the engine ;)=0A=0A=0A=0A=
=0A